Merging of query elements in an enterprise system is described. The enterprise system receives queries, which may each be broken down into query components. The enterprise system identifies query components that are related to identical event information from a data source of the enterprise. The enterprise system sends a single query to the data source for the event information, receives the response, and sends the response to the query sources.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A computer-implemented method comprising: receiving multiple query components from multiple query sources requesting information about one or more events in an enterprise system having multiple separate data sources distributed among separate enterprise nodes, where each event includes a change in a structured data object, the data sources being separate enterprise subsystems that generate the changes; identifying two query components related to common event information from one of the data sources; sending a single query component to an enterprise node local to the one data source of the enterprise system that generates the common event information; sending each other query component to enterprise nodes local to data sources that generate event information related to the other query components; receiving a response to the single query component from the enterprise node local to the one data source; and sending the response to each query source to provide the event information as a partial event query response.
The system receives multiple data queries from different sources within an enterprise network. These queries request information about events, where each event is a change to structured data in a subsystem. When two or more queries request the same event data from the same data source, the system combines these queries into one. This single combined query is sent to the node closest to that data source. Other, non-combined queries are sent to their respective data source nodes. The data source node sends back a response to the combined query, and the system forwards this response to all the original query sources as partial results.
2. The method of claim 1 , wherein receiving the multiple query components comprises receiving query components from query sources having different levels of security access with respect to common event information; and wherein sending the single query component for the common event information further comprises indicating the different levels of security access with respect to the common event information.
In the data query system, some queries come from sources with different security access levels to the shared data. When sending the combined query for common event information, the system also communicates these different security access levels to the data source. This allows the data source to understand the security context of each request within the combined query, building on "A computer-implemented method comprising: receiving multiple query components from multiple query sources requesting information about one or more events in an enterprise system having multiple separate data sources distributed among separate enterprise nodes, where each event includes a change in a structured data object, the data sources being separate enterprise subsystems that generate the changes; identifying two query components related to common event information from one of the data sources; sending a single query component to an enterprise node local to the one data source of the enterprise system that generates the common event information; sending each other query component to enterprise nodes local to data sources that generate event information related to the other query components; receiving a response to the single query component from the enterprise node local to the one data source; and sending the response to each query source to provide the event information as a partial event query response."
3. The method of claim 1 , wherein receiving the multiple query components comprises receiving query components from query sources having different levels of security access with respect to common event information; and wherein sending the single query component for the common event information further comprises requesting access to the common query component according to a highest level of security access among the different levels of security access.
In the data query system, where some queries have differing security levels, when sending a combined query, the system requests data access using the *highest* security level required by any of the original queries. This ensures all requesters get the data they're authorized for. This builds upon "A computer-implemented method comprising: receiving multiple query components from multiple query sources requesting information about one or more events in an enterprise system having multiple separate data sources distributed among separate enterprise nodes, where each event includes a change in a structured data object, the data sources being separate enterprise subsystems that generate the changes; identifying two query components related to common event information from one of the data sources; sending a single query component to an enterprise node local to the one data source of the enterprise system that generates the common event information; sending each other query component to enterprise nodes local to data sources that generate event information related to the other query components; receiving a response to the single query component from the enterprise node local to the one data source; and sending the response to each query source to provide the event information as a partial event query response."
4. The method of claim 3 , further comprising: filtering the response to the single query component from the one data source; and sending data to the query sources in accordance with the level of security access associated with each respective query source.
The data query system first requests data at the highest security level. Then, before sending data back to the individual requestors, the system *filters* the data according to the security clearance of each requestor. Only authorized data is sent to each source. This supplements "The method of claim 3, wherein receiving the multiple query components comprises receiving query components from query sources having different levels of security access with respect to common event information; and wherein sending the single query component for the common event information further comprises requesting access to the common query component according to a highest level of security access among the different levels of security access."
5. The method of claim 4 , wherein filtering the response to the single query component comprises row level filtering the response in accordance with a row level filter that indicates the level of security access associated with each respective query source.
The filtering process involves "row-level" filtering. Each row of data has an associated security level. The system compares the row security level with the user's security level, and only sends rows that the user is authorized to see. This builds on "The method of claim 4, further comprising: filtering the response to the single query component from the one data source; and sending data to the query sources in accordance with the level of security access associated with each respective query source."
6. The method of claim 1 , wherein sending the single query component comprises: forwarding a query component to a neighboring node of the enterprise system that has a query component for the common event information and that generates a request to the one data source; and wherein receiving the response to the single query comprises: receiving the response from the neighboring node of the enterprise.
Instead of sending the combined query directly to the data source node, the system can forward it to a "neighboring" node. This neighbor already has a query for the same data and will generate the query. The system then receives the response from this neighboring node. This extends "A computer-implemented method comprising: receiving multiple query components from multiple query sources requesting information about one or more events in an enterprise system having multiple separate data sources distributed among separate enterprise nodes, where each event includes a change in a structured data object, the data sources being separate enterprise subsystems that generate the changes; identifying two query components related to common event information from one of the data sources; sending a single query component to an enterprise node local to the one data source of the enterprise system that generates the common event information; sending each other query component to enterprise nodes local to data sources that generate event information related to the other query components; receiving a response to the single query component from the enterprise node local to the one data source; and sending the response to each query source to provide the event information as a partial event query response."
7. The method of claim 1 , wherein receiving the response comprises: receiving real-time and non real-time event information in response to a query component.
The system can receive both real-time (immediate) and non-real-time (delayed) event data in response to a single query. This expands on "A computer-implemented method comprising: receiving multiple query components from multiple query sources requesting information about one or more events in an enterprise system having multiple separate data sources distributed among separate enterprise nodes, where each event includes a change in a structured data object, the data sources being separate enterprise subsystems that generate the changes; identifying two query components related to common event information from one of the data sources; sending a single query component to an enterprise node local to the one data source of the enterprise system that generates the common event information; sending each other query component to enterprise nodes local to data sources that generate event information related to the other query components; receiving a response to the single query component from the enterprise node local to the one data source; and sending the response to each query source to provide the event information as a partial event query response."
8. The method of claim 1 , further comprising: parsing one of the query components into multiple subcomponents, where at least one of the subcomponents is related to common event information as another received query component.
The system can break down a single query into smaller parts ("subcomponents"). If a subcomponent requests the same data as another query, the system treats it as a query to combine. This enhances "A computer-implemented method comprising: receiving multiple query components from multiple query sources requesting information about one or more events in an enterprise system having multiple separate data sources distributed among separate enterprise nodes, where each event includes a change in a structured data object, the data sources being separate enterprise subsystems that generate the changes; identifying two query components related to common event information from one of the data sources; sending a single query component to an enterprise node local to the one data source of the enterprise system that generates the common event information; sending each other query component to enterprise nodes local to data sources that generate event information related to the other query components; receiving a response to the single query component from the enterprise node local to the one data source; and sending the response to each query source to provide the event information as a partial event query response."
9. A computer-readable storage medium tangibly embodying content stored thereon to provide instructions, which when executed, cause a processor of an enterprise node to perform operations, including: receiving multiple query components from multiple query sources requesting information about one or more events in an enterprise system having multiple separate data sources distributed among separate enterprise nodes, where each event includes a change in a structured data object, the data sources being separate enterprise subsystems that generate the changes; identifying two query components related to common event information from one of the data sources; sending a single query component to an enterprise node local to the one data source of the enterprise system that generates the common event information; sending each other query component to enterprise nodes local to data sources that generate event information related to the other query components; receiving a response to the single query component from the enterprise node local to the one data source; and sending the response to each query source to provide the event information as a partial event query response.
A computer-readable storage medium contains instructions that, when executed, cause a processor to perform the following actions: receiving multiple data queries from different sources within an enterprise network where each event is a change to structured data in a subsystem. When two or more queries request the same event data from the same data source, the instructions combine these queries into one. This single combined query is sent to the node closest to that data source. Other, non-combined queries are sent to their respective data source nodes. The data source node sends back a response to the combined query, and the instructions cause the system to forward this response to all the original query sources as partial results.
10. The computer readable storage medium of claim 9 , wherein the content to provide instructions for receiving the multiple query components comprises content to provide instructions for receiving query components from query sources having different levels of security access with respect to common event information; and wherein the content to provide instructions for sending the single query component for the common event information further comprises content to provide instructions for indicating the different levels of security access with respect to the common event information.
The storage medium, as described in the previous claim, includes instructions for handling different security access levels. When combining queries for shared data, the instructions also communicate these different security levels to the data source. This is based on "A computer-readable storage medium tangibly embodying content stored thereon to provide instructions, which when executed, cause a processor of an enterprise node to perform operations, including: receiving multiple query components from multiple query sources requesting information about one or more events in an enterprise system having multiple separate data sources distributed among separate enterprise nodes, where each event includes a change in a structured data object, the data sources being separate enterprise subsystems that generate the changes; identifying two query components related to common event information from one of the data sources; sending a single query component to an enterprise node local to the one data source of the enterprise system that generates the common event information; sending each other query component to enterprise nodes local to data sources that generate event information related to the other query components; receiving a response to the single query component from the enterprise node local to the one data source; and sending the response to each query source to provide the event information as a partial event query response."
11. The computer readable storage medium of claim 9 , wherein the content to provide instructions for receiving the multiple query components comprises content to provide instructions for receiving query components from query sources having different levels of security access with respect to common event information; and wherein the content to provide instructions for sending the single query component for the common event information further comprises content to provide instructions for requesting access to the common query component according to a highest level of security access among the different levels of security access.
This invention relates to a system for managing and querying event information across multiple sources with varying security access levels. The problem addressed is the challenge of integrating and querying event data from different sources that have different security restrictions, ensuring that only authorized users can access sensitive information while still allowing comprehensive queries. The system involves a computer-readable storage medium containing instructions for receiving multiple query components from different query sources, where each source has a distinct security access level related to common event information. The system processes these components to generate a single query that can access the common event information, but only if the requesting user has the highest level of security access among all the sources involved. This ensures that sensitive data is protected while still enabling efficient querying across multiple sources. The instructions also include mechanisms for validating the security access levels of the query sources and determining the highest required access level before executing the query. This approach prevents unauthorized access to restricted data while maintaining the integrity and usability of the event information system. The system is particularly useful in environments where data from multiple sources must be combined, such as in cybersecurity, enterprise monitoring, or regulatory compliance applications.
12. The computer readable storage medium of claim 11 , further comprising content to provide instructions for filtering the response to the single query component from the one data source; and sending data to the query sources in accordance with the level of security access associated with each respective query source.
The storage medium contains instructions to first request data at the highest security level. Then, before sending data back to the individual requestors, the instructions cause the system to *filter* the data according to the security clearance of each requestor. Only authorized data is sent to each source. This enhances "The computer readable storage medium of claim 11, wherein the content to provide instructions for receiving the multiple query components comprises content to provide instructions for receiving query components from query sources having different levels of security access with respect to common event information; and wherein the content to provide instructions for sending the single query component for the common event information further comprises content to provide instructions for requesting access to the common query component according to a highest level of security access among the different levels of security access."
13. The computer readable storage medium of claim 12 , wherein the content to provide instructions for filtering the response to the single query component comprises content to provide instructions for row level filtering the response in accordance with a row level filter that indicates the level of security access associated with each respective query source.
The storage medium contains instructions to perform "row-level" filtering. Each row of data has an associated security level. The instructions cause the system to compare the row security level with the user's security level, and only sends rows that the user is authorized to see. This builds on "The computer readable storage medium of claim 12, further comprising content to provide instructions for filtering the response to the single query component from the one data source; and sending data to the query sources in accordance with the level of security access associated with each respective query source."
14. The computer readable storage medium of claim 9 , wherein the content to provide instructions for sending the single query component comprises content to provide instructions for forwarding a query component to a neighboring node of the enterprise system that has a query component for the common event information and that generates a request to the one data source; and wherein the content to provide instructions for receiving the response to the single query comprises content to provide instructions for receiving the response from the neighboring node of the enterprise.
The storage medium contains instructions to forward the combined query to a "neighboring" node. This neighbor already has a query for the same data and will generate the query. The system then receives the response from this neighboring node. This extends on "A computer-readable storage medium tangibly embodying content stored thereon to provide instructions, which when executed, cause a processor of an enterprise node to perform operations, including: receiving multiple query components from multiple query sources requesting information about one or more events in an enterprise system having multiple separate data sources distributed among separate enterprise nodes, where each event includes a change in a structured data object, the data sources being separate enterprise subsystems that generate the changes; identifying two query components related to common event information from one of the data sources; sending a single query component to an enterprise node local to the one data source of the enterprise system that generates the common event information; sending each other query component to enterprise nodes local to data sources that generate event information related to the other query components; receiving a response to the single query component from the enterprise node local to the one data source; and sending the response to each query source to provide the event information as a partial event query response."
15. The computer readable storage medium of claim 9 , wherein the content to provide instructions for receiving the response comprises content to provide instructions for receiving real-time and non real-time event information in response to a query component.
The storage medium contains instructions for receiving both real-time (immediate) and non-real-time (delayed) event data in response to a single query. This expands on "A computer-readable storage medium tangibly embodying content stored thereon to provide instructions, which when executed, cause a processor of an enterprise node to perform operations, including: receiving multiple query components from multiple query sources requesting information about one or more events in an enterprise system having multiple separate data sources distributed among separate enterprise nodes, where each event includes a change in a structured data object, the data sources being separate enterprise subsystems that generate the changes; identifying two query components related to common event information from one of the data sources; sending a single query component to an enterprise node local to the one data source of the enterprise system that generates the common event information; sending each other query component to enterprise nodes local to data sources that generate event information related to the other query components; receiving a response to the single query component from the enterprise node local to the one data source; and sending the response to each query source to provide the event information as a partial event query response."
16. The computer readable storage medium of claim 9 , further comprising content to provide instructions for parsing one of the query components into multiple subcomponents, where at least one of the subcomponents is related to common event information as another received query component.
The storage medium contains instructions for breaking down a single query into smaller parts ("subcomponents"). If a subcomponent requests the same data as another query, the system treats it as a query to combine. This enhances on "A computer-readable storage medium tangibly embodying content stored thereon to provide instructions, which when executed, cause a processor of an enterprise node to perform operations, including: receiving multiple query components from multiple query sources requesting information about one or more events in an enterprise system having multiple separate data sources distributed among separate enterprise nodes, where each event includes a change in a structured data object, the data sources being separate enterprise subsystems that generate the changes; identifying two query components related to common event information from one of the data sources; sending a single query component to an enterprise node local to the one data source of the enterprise system that generates the common event information; sending each other query component to enterprise nodes local to data sources that generate event information related to the other query components; receiving a response to the single query component from the enterprise node local to the one data source; and sending the response to each query source to provide the event information as a partial event query response."
17. A server node of an enterprise network, comprising: a network interface circuit to receive multiple query components from multiple query sources requesting information about one or more events in an enterprise system having multiple data sources distributed among separate enterprise nodes, where each event includes a change in a structured data object, the data sources being separate enterprise subsystems that generate the changes, and where the multiple query sources include one or more client devices; a stream sharing engine to identify two query components related to common event information from one of the data sources; a query router to send a single query component to an enterprise node local to the one data source of the enterprise system that generates the common event information, send other query components to other enterprise nodes local to data sources that generate event information related to the other query components, and receive a response to the single query component from the enterprise node local to the one data source; and a query responder to send the response to each query source via the network interface circuit to provide the event information as a partial event query response.
An enterprise network server node includes a network interface to receive queries from multiple client devices. A stream sharing engine combines queries for common event data from the same data source into a single query. A query router sends this combined query to the data source node, and other queries to their respective nodes. It also receives the response from the data source node. Finally, a query responder sends the response to each client that requested the data, acting as a partial query response for each.
18. The server node of claim 17 , wherein the network interface circuit receives query components from query sources having different levels of security access with respect to common event information; and wherein the query router indicates the different levels of security access with respect to the common event information.
The server node receives queries from sources with varying security access. When routing the combined query, the server indicates these different security levels to the data source. This builds upon "A server node of an enterprise network, comprising: a network interface circuit to receive multiple query components from multiple query sources requesting information about one or more events in an enterprise system having multiple data sources distributed among separate enterprise nodes, where each event includes a change in a structured data object, the data sources being separate enterprise subsystems that generate the changes, and where the multiple query sources include one or more client devices; a stream sharing engine to identify two query components related to common event information from one of the data sources; a query router to send a single query component to an enterprise node local to the one data source of the enterprise system that generates the common event information, send other query components to other enterprise nodes local to data sources that generate event information related to the other query components, and receive a response to the single query component from the enterprise node local to the one data source; and a query responder to send the response to each query source via the network interface circuit to provide the event information as a partial event query response."
19. The server node of claim 17 , wherein the network interface circuit receives query components from query sources having different levels of security access with respect to common event information; and wherein the query router requests access to the common event information according to a highest level of security access among the different levels of security access.
The server node handles different security levels by requesting data at the *highest* security level when sending the combined query. This ensures all requesters receive the data they're authorized for. This expands on "A server node of an enterprise network, comprising: a network interface circuit to receive multiple query components from multiple query sources requesting information about one or more events in an enterprise system having multiple data sources distributed among separate enterprise nodes, where each event includes a change in a structured data object, the data sources being separate enterprise subsystems that generate the changes, and where the multiple query sources include one or more client devices; a stream sharing engine to identify two query components related to common event information from one of the data sources; a query router to send a single query component to an enterprise node local to the one data source of the enterprise system that generates the common event information, send other query components to other enterprise nodes local to data sources that generate event information related to the other query components, and receive a response to the single query component from the enterprise node local to the one data source; and a query responder to send the response to each query source via the network interface circuit to provide the event information as a partial event query response."
20. The server node of claim 19 , wherein the stream sharing engine is to further filter the response to the single query component from the one data source, and the query responder is to send data to the query sources in accordance with the level of security access associated with each respective query source.
After requesting data at the highest security level, the stream sharing engine *filters* the data before sending it to each client. The query responder sends only authorized data to each client. This builds on "The server node of claim 19, wherein the network interface circuit receives query components from query sources having different levels of security access with respect to common event information; and wherein the query router requests access to the common event information according to a highest level of security access among the different levels of security access."
21. The server node of claim 20 , wherein the stream sharing engine further includes an access lists that indicates the level of security access associated with each respective query source, and filters the response in accordance with the access list.
The stream sharing engine uses "access lists" to determine each client's security level. It filters the data based on these access lists before sending the response. This elaborates on "The server node of claim 20, wherein the stream sharing engine is to further filter the response to the single query component from the one data source, and the query responder is to send data to the query sources in accordance with the level of security access associated with each respective query source."
22. The server node of claim 17 , wherein the query router forwards the query component to a neighboring node of the enterprise system that has a query component for the common event information and that generates a request to the one data source, and receives the response from the neighboring node of the enterprise.
The query router forwards the combined query to a neighboring node that already has a query for the same data. The server node then receives the response from this neighboring node. This supplements "A server node of an enterprise network, comprising: a network interface circuit to receive multiple query components from multiple query sources requesting information about one or more events in an enterprise system having multiple data sources distributed among separate enterprise nodes, where each event includes a change in a structured data object, the data sources being separate enterprise subsystems that generate the changes, and where the multiple query sources include one or more client devices; a stream sharing engine to identify two query components related to common event information from one of the data sources; a query router to send a single query component to an enterprise node local to the one data source of the enterprise system that generates the common event information, send other query components to other enterprise nodes local to data sources that generate event information related to the other query components, and receive a response to the single query component from the enterprise node local to the one data source; and a query responder to send the response to each query source via the network interface circuit to provide the event information as a partial event query response."
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
November 19, 2009
September 17, 2013
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.